Fix __cscncmp_avx2 in strcmp-avx2.S [BZ#28755]
(cherry picked from commit f95f2fe02e913cbc3f9e2d102faf40ca13afc073)
This commit is contained in:
liqingqing_1229
openeuler-sync-bot
parent
605efddc34
commit
ca8dc2c744
@ -59,7 +59,7 @@
|
||||
##############################################################################
|
||||
Name: glibc
|
||||
Version: 2.28
|
||||
Release: 87
|
||||
Release: 88
|
||||
Summary: The GNU libc libraries
|
||||
License: %{all_license}
|
||||
URL: http://www.gnu.org/software/glibc/
|
||||
@ -149,6 +149,7 @@ Patch65: CVE-2022-23219-Buffer-overflow-in-sunrpc-clnt_create.patch
|
||||
Patch66: sunrpc-Test-case-for-clnt_create-unix-buffer-overflo.patch
|
||||
Patch67: CVE-2022-23218-Buffer-overflow-in-sunrpc-svcunix_cre.patch
|
||||
Patch68: getcwd-Set-errno-to-ERANGE-for-size-1-CVE-2021-3999.patch
|
||||
Patch69: x86-Fix-__wcsncmp_avx2-in-strcmp-avx2.S-BZ-28755.patch
|
||||
|
||||
Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
|
||||
|
||||
@ -1173,6 +1174,9 @@ fi
|
||||
%doc hesiod/README.hesiod
|
||||
|
||||
%changelog
|
||||
* Fri Jan 28 2022 Qingqing Li <liqingqing3@huawei.com> - 2.28-88
|
||||
- Fix __cscncmp_avx2 in strcmp-avx2.S [BZ#28755]
|
||||
|
||||
* Tue Jan 25 2022 Qingqing Li <liqingqing3@huawei.com> - 2.28-87
|
||||
- fix CVE-2021-3999
|
||||
|
||||
|
||||
40
x86-Fix-__wcsncmp_avx2-in-strcmp-avx2.S-BZ-28755.patch
Normal file
40
x86-Fix-__wcsncmp_avx2-in-strcmp-avx2.S-BZ-28755.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From ddf0992cf57a93200e0c782e2a94d0733a5a0b87 Mon Sep 17 00:00:00 2001
|
||||
From: Noah Goldstein <goldstein.w.n@gmail.com>
|
||||
Date: Sun, 9 Jan 2022 16:02:21 -0600
|
||||
Subject: [PATCH] x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
|
||||
|
||||
Fixes [BZ# 28755] for wcsncmp by redirecting length >= 2^56 to
|
||||
__wcscmp_avx2. For x86_64 this covers the entire address range so any
|
||||
length larger could not possibly be used to bound `s1` or `s2`.
|
||||
|
||||
test-strcmp, test-strncmp, test-wcscmp, and test-wcsncmp all pass.
|
||||
|
||||
Signed-off-by: Noah Goldstein <goldstein.w.n@gmail.com>
|
||||
---
|
||||
sysdeps/x86_64/multiarch/strcmp-avx2.S | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S
|
||||
index a45f9d2..9c73b58 100644
|
||||
--- a/sysdeps/x86_64/multiarch/strcmp-avx2.S
|
||||
+++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S
|
||||
@@ -87,6 +87,16 @@ ENTRY (STRCMP)
|
||||
je L(char0)
|
||||
jb L(zero)
|
||||
# ifdef USE_AS_WCSCMP
|
||||
+# ifndef __ILP32__
|
||||
+ movq %rdx, %rcx
|
||||
+ /* Check if length could overflow when multiplied by
|
||||
+ sizeof(wchar_t). Checking top 8 bits will cover all potential
|
||||
+ overflow cases as well as redirect cases where its impossible to
|
||||
+ length to bound a valid memory region. In these cases just use
|
||||
+ 'wcscmp'. */
|
||||
+ shrq $56, %rcx
|
||||
+ jnz __wcscmp_avx2
|
||||
+# endif
|
||||
/* Convert units: from wide to byte char. */
|
||||
shl $2, %RDX_LP
|
||||
# endif
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user